Splunk Search

Community Activity

Field extraction on source type on splunk when i want to do field extraction ask me source type. and when I open this listbox show files on that path... by indeed_2000 Motivator in Splunk Search 04-21-2020 0 0	0	0
Search lookup containing IP addresses by CIDR mask I cannot find this question being asked this way round, so hopefully its not a duplicate. I have a lookup CSV like t... by joepjisc Path Finder in Splunk Search 04-21-2020 0 5	0	5
How to make a chart where the x-axis is a guid I have 3 fields: "Runtime_A", "Runtime_B", and "guid". My current query is: search \| chart values(guid) AS "Guid", ... by splunkuser2127 Loves-to-Learn in Splunk Search 04-20-2020 0 2	0	2
How to display 0 when there is No Records Found or Nothing returned the search (thanks for who provided this) is: \| tstats count where host=linux01 sourcetype="linux:audit" by _time sp... by splunkbeginner Engager in Splunk Search 04-20-2020 0 8	0	8
I have a search that returns activity summary by email address. I also have a ksv with KNOWN users. How do I list those users that have no activity in the search? someone suggested a join, but as a newbie...... Don't know how to do this. I believe I would need two searches, 1 b... by MwayneSmith Explorer in Splunk Search 04-20-2020 0 1	0	1
Convert CIDR Range into list of member IPs. Given a list of CIDR ranges ... 10.198.68.132/30, 10.244.18.150/31, 10.48.37.96/24 Is there a search that could extr... by pkeller Contributor in Splunk Search 04-20-2020 0 2	0	2
How do you overlay charts that are linked together with a field? I have 3 extraction fields: "guid", "runtime_general", "runtime_specific". There is also a value "A" that I will sea... by splunkuser2127 Loves-to-Learn in Splunk Search 04-20-2020 0 0	0	0
Field extraction tool not showing whole event. I'm trying to use the field extraction tool. The problem is that the field I want to extract is about 18 lines down ... by nocostk Communicator in Splunk Search 04-20-2020 0 4	0	4
How to fill empty or missing data values based on approximations of previous values? Hello All, I spent a lot of time trying to figure out how to fill out missing data with approximations based on the ... by bntdumas Engager in Splunk Search 04-20-2020 0 6	0	6
Stumped. Selective removal of events while keeping others. Ideally avoiding mvexpand. Hi folks, I'm having a hard time with this one. Maybe I need more coffee. Say I have several events like this: Event... by loc_spl New Member in Splunk Search 04-20-2020 0 1	0	1
searchs that does not succeed Hello, I would like to know how to find searchs that do not succeed (no results or with errors) ? Some users complain... by warmup031 Explorer in Splunk Search 04-20-2020 0 2	0	2
Regex in splunk Hello I am trying to get a regex to work in splunk but without success, perhaps someone here can help me? This work... by malgru New Member in Splunk Search 04-20-2020 0 3	0	3
Parsing of highly nested JSON events with arrays We want to parse highly nested jsons into expanded tables. We found that the following code works, given we apply the... by wfskmoney Path Finder in Splunk Search 04-20-2020 0 2	0	2
Can I search with case insensitive fields. Hello there, Is there a way to address all fields case insensitively. To illustrate my point I have this query, ind... by iet_ashish Explorer in Splunk Search 04-20-2020 0 1	0	1
Splunk Join not working I am trying to create a result set out of 2 search queries with a common field.I have tried multiple solutions provid... by coolkris New Member in Splunk Search 04-20-2020 0 3	0	3
How to re-use list of values. I have a query which essentially looks like this, \| makeresults count=1 \| eval host="host1, host2, host3, host4, ho... by iet_ashish Explorer in Splunk Search 04-20-2020 0 5	0	5
count occurrence of value in field in a single event I have 6 sources with json event in the following structure (each source with different data of tests): "tests": [... by navap123 Explorer in Splunk Search 04-20-2020 0 3	0	3
Extracting values from a event log search for key value pairs Hello community, I am using search to get the values for ‘runtime’ and trying to get overall stats for a runtime va... by mpd202004 New Member in Splunk Search 04-20-2020 0 3	0	3
What is "batch mode" search? Hi, I'm testing out some features in 6.3, and looking at increasing our search and index throughput. One of the set... by a212830 Champion in Splunk Search 04-19-2020 1 6	1	6
About dropdown filter There is a dropdown filter on the dashboard. How can I select multiple values for that filter? by manakin New Member in Splunk Search 04-19-2020 0 2	0	2
Eval function for Variable Calculations I have a logic which I want to implement in Splunk, but I'm getting confused with the syntax.Let me explain what I am... by kulwindersandhu New Member in Splunk Search 04-19-2020 0 1	0	1
How to pass argument (dynamically) to searchmatch function without use map command Hi, I wonder test different pattern matching (format spl) dynamically with a field value without use the command "ma... by Testeur971 New Member in Splunk Search 04-19-2020 0 13	0	13
How can I create lookup table file(csv file) automatically? I just want to create csv file automatically everyday for example, today just is created 20200417.csv tomorrow will ... by tkdguq0110 Path Finder in Splunk Search 04-19-2020 0 4	0	4
Please help....I'm using \|eval case() with multiple values and need help with passing through the values to an IN() search There are three conditions in my eval: 1) date=2019-Present, '"/2019","/2020"' 2) date=2019, " /2019" 3) date=2020,... by motaghis Explorer in Splunk Search 04-18-2020 0 6	0	6
Unable to retrieve XML tags which as mutliple attributes Hi, I am novice to splunk and trying to learn explore things in it. Currently I am stuck with one problem while extr... by asoma0707 New Member in Splunk Search 04-18-2020 0 5	0	5